Debian and other GNU/Linux systems often come with world readable logs/configurations/directories. For example, on a new install, these files are world readable:
- /etc/passwd
- /var/log/lastlog
- list of running cron jobs
Although being able to read those files isn't directly a threat, in a system where all users cannot be trusted, it's wise to minimize system visibility.
Is there a Linux flavor / standard tool for avoiding those kinds of situations where new users can harvest that many details about the server they're using? Ideally, they should be limited to their own directories.
I've already set up chroot jails in the past, but I'm looking for an alternative solution or tricks some of you may have.
Thanks!
You may want to dig a little deeper before 'fixing' this and make sure your changes are fully thought-out. Of the files you mentioned:
I happen to know that /etc/passwd has to be readable for any number of programs (ls) to access user name information in standard configurations. Nothing in /etc/passwd is secret or privileged on any modern machine as that's what the shadow files are for, or the secrets are hosted on the network via LDAP, Kerberos or some other such thing.
I'm less sure about the other two. cron runs as the user whose jobs it is executing, so it probably needs to be able to read that file as any user who can run cron. Any user on an average system can run last, w to see recent and current logins (read from lastlog and wtmp, afair), and so these files are readable. You may certainly remove those commands, or user access to them, and then you might want to change the perms on the files or remove them altogether, once you are quite certain they are not used.
The Securing Debian Manual may be able to answer more of these questions for you or explain things better. Although it is not actively maintained it is still quite good. Other distros have similar resources.
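As an added example (not from the question or either answer), here is a small POSIX sh audit that lists which regular files under the given directories are world readable, so that permissions are only tightened after seeing what is actually exposed; it uses only find and ls, and the cron paths in the usage comment are an assumption about where a Debian-like system keeps them.

```shell
#!/bin/sh
# Added audit helper (not from the question or answers): report which files
# under the given directories are world-readable, so that permissions are
# only changed after seeing what is actually exposed. POSIX sh, find, ls only.

# is_world_readable PATH: exit 0 if the "other" read bit is set, 1 otherwise.
# ls -ld prints a mode string such as -rw-r--r--; character 8 is o+r.
is_world_readable() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ???????r??) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_world_readable DIR...: print "MODE PATH" for every regular file
# below each DIR whose "other" read bit is set (-perm -004 = at least o+r).
audit_world_readable() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -perm -004 2>/dev/null | while IFS= read -r f; do
            printf '%s %s\n' "$(ls -ld -- "$f" | cut -c1-10)" "$f"
        done
    done
}

# count_world_readable DIR...: number of world-readable regular files found.
count_world_readable() {
    audit_world_readable "$@" | wc -l | tr -d ' '
}

# When run as a script with directories as arguments, audit them, e.g.
#   sh audit-readable.sh /etc /var/log /etc/cron.d /var/spool/cron
# (the cron paths are an assumption; check where your distribution keeps them).
if [ "$#" -gt 0 ]; then
    audit_world_readable "$@"
fi
```

Review the output against the programs that actually open each file (as the answers note for /etc/passwd and lastlog) before removing any read bit.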
/etc/passwd should be world readable; many programs need to read it. This is not a security risk (unless you consider that showing which users exist on the machine is a security risk); the password is not stored in it now, and never was stored unencrypted.
/var/log/lastlog - if this is world readable, it means people can see whether there are problems on the machine that the administrators need to be looking at without having to pester the administrators first.
List of running cron jobs - this is shown by ps, I presume? If you are worried about users seeing what other people are doing on the same machine, then you have problems. Unix and Linux generally work best where there's a modicum of trust between the users on a machine. You can run securely with fairly general public read access; it is much harder to run without it.
If you want to run a secure system, consider SELinux. I'm not sure whether it deals with those particular issues, but of all the Linux systems, SELinux or one of its derivatives is the most likely to do it.